Deploying Printers with Group Policy using security filtering

I've always wanted to allow a user to have a printer no matter where they log in. The steps below will show you how to achieve just that.

In this article I'll show how to deploy printers automatically with Group Policy and then use security filtering so that the GPO is deployed only to members of a particular security group.

To follow these steps I will be assuming that you have already set up a Windows print server. In the example below I have used a Windows 2003 virtual server in a 2003 AD domain.

Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer.

Then create your GP object:
Create a new GP object with an appropriate name
Go to User Configuration\Windows Settings – and open Logon
Click on Show Files (Fig. 1) and copy the file pushprinterconnections.exe into there (52KB)
Figure 1

Then click Add, type pushprinterconnections.exe as the script name (Fig. 2) and click OK
Figure 2
Giving appropriate access:
In the GPOE select the OU the GPO is under and expand on the left until you can click on the GP (Fig. 3)

Figure 3
On the right-hand side, on the Scope tab, look below to see Security Filtering
Remove "Authenticated Users"
Add the global group you want to give access to the Group Policy
Deploying the printer on the print server:
In the printer management console right-click the printer and click Deploy via group policy (Fig. 4)

Figure 4
Click Browse and navigate to your newly created GPO (Fig. 5)

Figure 5
Select the option so that the GP applies per user only (Fig. 6)

Figure 6
Click Add
You should get a screen that says the printer has been successfully deployed
Reboot once or twice and your printer will be installed automatically wherever you log on.
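
An added example (not part of the original article): a PowerShell check of the security-filtering step above, run over permission entries shaped like Get-GPPermission output. The GPO name, group name and sample entries are constructed, and the GroupPolicy module mentioned in the comments is an assumption, since it ships with Windows versions newer than the 2003 environment used here.

```powershell
# Added example, not the article's own script. Names and sample data are constructed.
# In a domain, build the input from the GroupPolicy module (assumed available):
#   $p = Get-GPPermission -Name 'Example Printer GPO' -All | ForEach-Object {
#          [pscustomobject]@{ Trustee = $_.Trustee.Name; Permission = "$($_.Permission)" } }

function Test-GpoSecurityFilter {
    param(
        [Parameter(Mandatory)] [object[]] $Permissions,    # Trustee/Permission pairs
        [Parameter(Mandatory)] [string]   $ExpectedGroup   # group meant to get the printer
    )
    $findings = @()

    # Trustees holding GpoApply are what GPMC lists under "Security Filtering".
    $apply = @($Permissions | Where-Object { $_.Permission -eq 'GpoApply' } |
               ForEach-Object { $_.Trustee })

    if ($apply -notcontains $ExpectedGroup) {
        $findings += "MISSING: '$ExpectedGroup' lacks Apply; its members will not get the printer."
    }
    foreach ($trustee in $apply) {
        if ($trustee -ne $ExpectedGroup) {
            $findings += "BROAD: '$trustee' also has Apply; the GPO is not limited to '$ExpectedGroup'."
        }
    }

    # Patched Windows clients read user policy in the computer's security context,
    # so the GPO is skipped unless the computer account can still read it.
    $canRead = @($Permissions | Where-Object { $_.Permission -in 'GpoRead', 'GpoApply' } |
                 ForEach-Object { $_.Trustee })
    if (-not ($canRead | Where-Object { $_ -in 'Authenticated Users', 'Domain Computers' })) {
        $findings += "UNREADABLE: no Read for Authenticated Users or Domain Computers; " +
                     "grant Read (not Apply) on the Delegation tab."
    }
    $findings
}

# Constructed, simplified sample: filtering after Authenticated Users was removed.
$sample = @(
    [pscustomobject]@{ Trustee = 'Colour Printer Users'; Permission = 'GpoApply' }
    [pscustomobject]@{ Trustee = 'Domain Admins'; Permission = 'GpoEditDeleteModifySecurity' }
)
Test-GpoSecurityFilter -Permissions $sample -ExpectedGroup 'Colour Printer Users'
```

An empty result means the GPO is filtered to the one group and is still readable by the computer account.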

Hope you will find this article helpful for your own printer deployments.

Comments (4)

wow that's way more complicated than what i do, i just add

rundll32 printui.dll,PrintUIEntry /in /n "\\printserver\printer"

to their logon script in sysvol, works great, easy to manage and don't have to fiddle with group policy


Thanks for the input.
The purpose of the article is to automatically deploy printers based on which security group you belong to.
It gives you way more flexibility and control over which users get which printers.
Whereas deploying it via login script limits you, and you really don't want many different login scripts just to deploy a printer to a different OU.
Much harder to administer, I think.

sorry i re-read my comment and it came off way more negative than i intended, i should have asked what the advantages of your way are vs the login script way.

our environment has about 30 offices that logon to our tserv, and based off their 3 letter office code (matching the name of the logon script), everyone in that office gets the same printers. so would this maybe apply to my situation better if i had someone in an office that might have special needs/restrictions, or travels to other offices in our company? or possibly an office setup that isn't as free love about their printer setup as we are? i'm just confused because it seems like adding a gpo is the same amount of work as a quick login script, and (i know i'm a wuss) i don't like fiddling with gpos

thank you for your time and being nice even though even i think i sounded like a jerk at first :)


It would apply in an environment where you need to have more control. Where not all users in a department share the same printer. Perhaps different departments or offices have different budgets. For example, sometimes a user or group of users would abuse a printer, and this way it's much easier to simply remove them from a group than to create a whole new OU just for them.
Sometimes you may only want certain people to have access to the expensive color printer, and this way it would be as simple as adding or removing them from a security group.
This way takes a short while to set up if you want to do things right the first time, but once you did, managing them afterwards would be easier.
